Attorney's Docket No.: 1021 14.00034 
AMENDMENTS TO THE CLAIMS 

1. (Cancelled) 

2. (Cancelled) 

3. (Cancelled) 

4. (Currently Amended) A method of verifying a program fragment downloaded 
onto a reprogrammable on board embedded system, such as a microproc e ssor card equipped 
with a rewritable memory, a microprocessor and a virtual machine equipped with an execution 
stack and with operand registers, said program fragment consisting of an object code and 
including at least one subprogram^] consisting of a series of instructions manipulating said 
operand registers, by the microproc e ssor of th e on — board syst e m by way of a virtual machin e 
e quipp e d with an e x e cution stack and with op e rand regist e rs manipulated by th e s e instructions, 
and said microprocessor and virtual machine making it possible to interpret [this] said object 
code, said en — board embedded system being interconnected to a reader, charact e riz e d in that 
said m e thod, following wherein subsequent to the detection of a downloading command and the 
storage of said object code constituting [this] said p rogram fragment in said rewritable memory, 
consists, said method, for each subprogram , comprises: 

a) in carrying out a stag e of initializing the type stack and the table of register 
types [by] through data representing the state of the virtual machine at the starting of the 
execution of [the] said temporarily stored object code; 

P) in carrying out a verification process of said temporarily stored object code 
instruction by instruction, by discerning the existence, for each current instruction, of a 
target, a branching-instruction target, a target of an exception-handler call or a target of a 
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subroutine call, and, said current instruction being the target of a branching instruction, 
said verification process including verifying that the stack is empty and rejecting the 
program fragment otherwise; 

y)-4ft carrying out a verification process and an updating of the effect of said 
current instruction on the data types of said type stack and of said table of register 
types[,]i 

on th e basis of th e e xist e nc e of a branching — instruction targ e t, of a targ e t of a subroutin e 

call or of a targ e t of an e xc e ption handl e r call , said verification process b eing 

successful when the table of register types is not modified in the course of a verification 
of all the instructions, and [the] said verification process being carried out instruction by 
instruction until the table of register types is stable, with no modification being p resent, 
the verification process being interrupted and said program fragment being rejected, 
otherwise. 

5. (Currently Amended) The [verificationjmethod [as claimed in]of claim 4, 
[characterized in thatl wherein the variable types which are manipulated during [the]said 
verification process include at least: 

[ — ] class identifiers corresponding to object classes which are defined in the program 
fragment; 

[- Jnumeric variable types including at least a type short , for an integer coded on [p] a 
given number of b its, designated as short type, and a type r e taddr for the return 
address of a jump instruction [JSR1 , designated as a return address type ; 

[- a type null relating to] references of null objects designated as null type; 
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[ — a] object type obj e ct relating to objects designated as object type; 

[- ]a first specific type £tj representing the intersection of all the types and 
corresponding to the zero value [0, nil ] , designated as the intersection type ; 

[- ]a second specific type tp] representing the union of all the types and corresponding to 
any type of value, designated as the union type . 

6. (Currently Amended) Thejn[M]ethod as claim e d in of claim 5, charact e riz e d in 
that wherein all said variable types verify a subtyping relation: 

["object e T] object type belongs to the union type ; 

[short, retaddr e T] short type and return address type belong to the union type ; 

e null short , retaddr] the intersection type belongs to null type, short type or return address 
type . 

7. (Cancelled) 

8. (Currently Amended) The method [as claimed in one] of claim[s] 4 [to 7], 
[characterized in that when] wherein said current instruction [is] being the target of a subroutine 
call, said verification process [verifies] comprising: 

verifying that the previous instruction to said current instruction is an unconditional 
branching, a subroutine return or a [raisingl withdrawal of an exception M; and 
said v e rification proc e ss, in th e cas e of a positiv e v e rification, proc ee ding to 
reupdat[e]ing the stack of variable types by an entity of [ retaddr l the return address 
type, formed by the return address of the subroutine, in case of a positive 
verification process; and^ 
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[the Rejecting said program fragment in case said verification process isjailing^ and th e 
program fragment b e ing r e j e ct e d otherwise. 

9. (Currently Amended) The method [as claimed in one] of claimfs] 4 [to 8], 
[characterized in that when thel wherein said current instruction [is] being the target of an 
exception handler, said verification process [verifies] comprising: 

verifying that the previous instruction to said current instruction is an unconditional 
branching, a subroutine return or a [raising] withdrawal of an exception[,]; [said 
verification process, in] and 

reupdating the type stack, by entering the exception type, in [thel case of a positive 
verification process; p roc ee ding to reupdat e the typ e stack by e nt e ring th e 
e xc e ption typ e , and th e v e rification proc e ss failing and the program fragm e nt 
b e ing r e j e cted and 

rejecting said program fragment in case of said verification process is failing, otherwise. 

10. (Currently Amended) The method [as claimed in one] of claim[s] 4 [to 9], 
[characterized in that when thel wherein said current instruction [is]being the target of multiple 
incompatible branchings, [thel said verification process is fail[s]ed and [the] said p rogram 
fragment is rejected. 

11. (Currently Amended) The method [as claimed in one] of claim[s] 4 [to 10], 
[characterized in that when thel wherein said current instruction [is]being not the target of any 
branching, [the] said verification process [continues! comprises continuing b y passing to an 
update of the type stack. 
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12. (Currently Amended) The method [as claimed in one] of claim[s] 4 [to 11], 
[characterized in that the stage] wherein said step of verification of the effect of the current 
instruction on the type stack includes, at least: 

[- a stage of ]verifying that the type execution stack includes at least as many entries as 
the current instruction includes operands; 

[- a stage of ]unstacking and [of] verifying that the types of the entries at the top of the 
stack are subtypes of the types of the operands types of the operands of ["this! said 
current instruction; 

[- a stage of ]verifying the existence of a sufficient memory space on the types stack to 
proceed to stack the results of [the] said current instruction; 

[- a stage of] stacking on the stack data types which are assigned to these results. 

13. (Currently Amended) The method [as claimed in]of claim 12, [characterized in 
that when thel wherein said current instruction [is]being_an instruction to read a register ofa 
given address [n], [the] said verification process consists comprises : 

[ — in ]verifying the data type of the result of [this] a corresponding reading, by reading 
[the]an entry [n] at said given address in the table of register types; 

[ — in determining the effect of [the] said current instruction on the type stack by 
unstacking the entries of the stack corresponding to the operands of [this] said 
current instruction and by stacking the data type of [thisl said result. 
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14. (Currently Amended) The method [as claimed in]of claim 12, [characterized in 
that when the] wherein said current instruction [is]being_an instruction to write to a register of a 
given address [m], [this] said verification process consists comprises : 

[ — in Jdetermining the effect of the current instruction on the type stack and the given 
type [t] of the operand which is written in this register [of] at said given address [ 
m]; 

[ — in Jreplacing the type entry of the table of register types at said given address [m ]by 
the type immediately above the previously stored type and above the given type [t 
]of the operand which is written in this register [of] at said given address [ m]. 

15. (Currently Amended) A method of transforming an object code of a program 
fragment including a series of instructions , in which the operands of each instruction belong to 
the data types manipulated by [this] said instruction, the execution stack does not exhibit any 
overflow phenomenon, and for each branching instruction, the type of the stack variables at [this] 
a corresponding branching is the same as [at thel that of t argets of this branching, into a 
standardized object code for this same program fragment, in which th e op e rands of each 
instruction b e long to th e data typ e s manipulat e d by this instruction, th e ex e cution stack do e s not 
e xhibit any ov e rflow ph e nom e non, th e e x e cution stack is e mpty at e ach branching instruction 
and at e ach branching — targ e t instruction, charact e riz e d in that this m e thod consists, wherein, for 
all the instructions of said object cod e, said method comprising : 

[- in ] annotating each current instruction with the data type of the stack before and after 
execution of [thisl said current instruction, with the annotation data being 
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calculated by means of an analysis of the data stream relating to [this] said current 
instruction; 

[- in Jdetecting, within said instructions and within each current instruction, the existence 
of branchings, or respectively of branching-targets, for which said execution stack 
is not empty, [the] said detecti[on]ng operation being carried out on the basis of 
the annotation data of the type of stack variables allocated to each current 
instruction^]; and in [the presence] case of detection of a non-empty execution 
stack, 

[- in inserting instructions to transfer stack variables on 
either side of [these] said b ranchings or of [these] said branching targets[,] 
respectively^ in order to empty the contents of the execution stack into temporary 
registers before [ this] said b ranching and to reestablish the execution stack from 
said temporary registers after [thisl said b ranching^] ; and [in ]not inserting any 
transfer instruction otherwise, [making it possible] said method allowing thus to 
obtain a standardized object code for [thisl said same program fragment, in which 
the operands of each instruction belong to the data types manipulated by said 
instruction, the execution stack does not exhibit any overflow phenomenon, the 
execution stack is empty at each branching instruction and at each branching — 
target instruction, in the absence of any modification to the execution of said 
program fragment. 

16. (Currently Amended) A method of transforming an object code of a program 
fragment including a series of instructions , in which the operands of each instruction belong to 
the data types manipulated by [this] said instruction, and an operand of given type written into a 
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register by an instruction of this object code is reread from this same register by another 
instruction of Fthisl said object code with the same given data type, into a standardized object 
code for this same program fragment, in which th e operands of e ach instruction b e long to th e 
data typ e s manipulat e d by this instruction, th e sam e data typ e b e ing allocat e d to th e same r e gist e r 
throughout said standardiz e d obj e ct cod e , charact e riz e d in that this m e thod consists, wherein for 
all the instructions of said object code , said method comprising : 

[- in Jannotating each current instruction with the data type of the registers before and 
after execution of |"this~| said current instruction, with the annotation data being 
calculated by means of an analysis of the data stream relating to ["this] said 
instruction; 

[- in ] carrying out a reallocation of [the] said registers, by detecting the original registers 
employed with different types, [by]dividing these original registers into separate 
standardized registers, with one standardized register for each data type used, and 

reupdating the instructions which manipulate the operands which use said 
standardized registers; 

said method allowing thus to obtain said standardized object code for this same program 
fragment in which the operands of each instruction belong to the data types manipulated 
by said instruction, the same data type being allocated to the same register throughout 
said standardized object code . 

17. (Currently Amended) The method [as claimed in] of claim 15, charact e riz e d in 
that the stag e consisting in wherein said detecting!",] within said instructions and within each 
current instruction^] of the existence of branchings, or respectively of branching targets, for 
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which the execution stack is not empty, [consists, following] after detection of each 
corresponding instruction of given rank [i] consists in comprises : 

[- in ] associating with each instruction of said given rank [i ]a set of new registers, one 
new register being associated with each stack variable which is active at this instruction; and 

[- in ]examining each detected instruction of said given rank [i ]and [in ] discerning the 
existence of a branching target or branching, respectively[,]; and, in the case where the 
instruction of said given rank [i] is a branching target and that the execution stack at this 
instruction is not empty, 

[• ]for every preceding instruction, of rank [i — lj preceding said given rank and 
consisting of a branching, a [raising] withdrawal of an exception or a program return, [the]said 
detected instruction of said given rank [i] being accessible only by a branching, [•• ] 
[in]inserting a set of loading instructions [load]to load from the set of new registers before said 
detected instruction of said given rankf i], with a_redirection of all branchings to the detected 
instruction of said given rank [i ]to the first inserted loading instruction[load]; and 

[• ]for every preceding instruction, of rank [i — 1] preceding said given rank , continuing 
in sequence, \ the] said detected instruction of said given rank [i ]being accessible simultaneously 
[bv) from a branching and from [the] said p receding instruction of rank [i-1] preceding said given 
rank , f ] [in]inserting a set of backup instructions [store] to back up to the set of new registers 
before the detected instruction of said given rankf i], and a set of loading instructions [load ]to 
load from this set of new registers, with a_redirection of all the branchings to the detected 
instruction of said given rank [i ]to the first inserted loading instruction[ load], and, in the case 
where said detected instruction of said given rank [i ] is a branching to a given instruction, 
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[• ]for every detected instruction of said given r ank [i ]consisting of an unconditional 
branching, [••] [in] inserting, before the detected instruction of said given rankf i], multiple 
backup instructions [ store], a backup instruction being associated with each new register; and 

[• ]for every detected instruction of said given rank [i Consisting of a conditional 
branching instruction, and for a given number [m > 0] greater than zero of operands manipulated 
by [this] said conditional branching instruction, [••] [in]inserting, before [this] said detected 
instruction of said given rankf i], a permutation instruction, [ swap — x , ]at the top of the execution 
stack of the [m ]operands of the detected instruction of said given rank [i ]and the [n ]following 
values, [thisl the corresponding p ermutation operation [making it possible] allowing thus to 
collect at the top of the execution stack [the n] said following values to be backed up in the set of 
new registers[,]; and [•• ] [in] inserting, before the instruction of said given rankf i], a set of 
backup instructions [store ]to back up to the set of new registers[,]i and [•• ] [in] inserting, after 
the detected instruction of said given rankril, a set of load instructions [ load ] to load from the set 
of new registers. 

18. (Currently Amended) The method [as claimed in]of claim 16, [characterized in 
that] wherein [the stage] consisting in reallocating registers by detecting the original registers 
employed with different types consists comprises : 

[ — in ]determining the lifetime intervals of each register; 

[ — in ]determining the main data type of each lifetime interval, the main data type of a 
lifetime interval [j ]for a given register [r ]being defined by the upper bound of the data types 
stored in [this] said given register [r ]by the backup instructions [store]belonging to [the] said 
lifetime interval[ j]; 



12 



Attorney's Docket No.: 1021 14.00034 

[- in ]establishing an interference graph between the lifetime intervals, [this]said 
interference graph consisting of a non-oriented graph of which each peak consists of a lifetime 
interval, and of which the arcs between two peaks [ji and j2]exist if fal one of the p eaks contains a 
backup instruction addressed to the register of the other peak or vice versa; 

[- in ]translating the uniqueness of a data type which is allocated to each register in the 
interference graph, by adding arcs between, all pairs of peaks of the interference graph while two 
peaks of a pair of peaks do not have the same associated main data type; 

[- in ] carrying out an instantiation of the interference graph, by assigning to each lifetime 
interval a register number, in such a way that different register numbers are assigned to two 
adjacent life time intervals in [the] said interference graph. 

19. (Cancelled) 

20. (Currently Amended) An r on-boardl embedded system which can be 
reprogrammed by downloading program fragments, said embedded system including a least one 
microprocessor, one random-access memory, one input/output module, one electrically 
reprogrammable nonvolatile memory and one permanent memory, in which are installed a main 
program and a virtual machine [which makes it possible] allowing to execute the main program 
and at least one program fragment using said microprocessor, [characterized in that] wherein said 
[on-boardl embedded system includes at least one verification p rogram module to [manage and' 
]verify a downloaded program fragment in accordance with th e protocol for managing a 
download e d program fragm e nt as claim e d in on e of claims 1 to 3, a process comprising: 
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initializing the type stack and the table of register types through data representing the 
state of said virtual machine at the starting of the execution of said temporarily stored object 
code; 

carrying out a verification process of said temporarily stored object code instruction by 
instruction, by discerning the existence, for each current instruction, of a target, a branching- 
instruction target, a target of an exception-handler call or a target of a subroutine call and, said 
current instruction being the target of a branching instruction, said verification process consisting 
in verifying that the stack is empty and rejecting the program fragment otherwise; 

carrying out a verification process and an updating of the effect of said current instruction 
on the data types of said type stack and of said table of register types; 

said verification process being successful when the table of register types is not modified in the 
course of a verification of all the instructions, and said verification process being carried out 
instruction by instruction until the table of register types is stable, with no modification being 
present, said verification process being interrupted and said program fragment being rejected, 
otherwise; 

said management and verification program module being installed in the permanent memory. 

21. (Cancelled) 

22. (Currently Amended) A [method of| system for transforming an object code of a 
program fragment including a series of instructions, in which the operands of each instruction 
belong to the data types manipulated by [this] said instruction, the execution stack does not 
exhibit any overflow phenomenon[,] and for each branching instruction, the type of stack 
variables at fthisl a corresponding branching is the same as [atl that of the targets of this 
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branching, and an operand of given type written to a register by an instruction of [this] said object 
code is reread from [thisjsaid same register by another instruction of this object code with the 
same given data type, into a standardized object code for this same program fragment, in which 
th e operands of e ach instruction b e long to th e data typ e s manipulat e d by this instruction, th e 
e x e cution stack do e s not e xhibit overflow ph e nom e non, th e e x e cution stack is e mpty at e ach 
branching instruction and at each branching — targ e t instruction, the same data typ e b e ing 
assign e d to th e sam e r e gist e r throughout said standardiz e d obj e ct code, charact e riz e d in that 
wherein said f conversion] transforming system includes, at least, installed in the working 
memory of a development computer or workstation, a program module [to]for transforming 
rthisl said object code into a standardized object code in accordance with th e m e thod as claim e d 
in on e of claims 15 to 18, making it possibl e to g e n e rat e a standardiz e d obj e ct cod e for said 
program fragment, satisfying th e crit e ria for v e rifying this download e d program fragm e nt a 
process of transforming including for all the instructions of said object code comprising: 

annotating each current instruction with the data type of the stack before and after 
execution of said current instruction, with the annotation data being calculated by means of an 
analysis of the data stream relating to said current instruction; 

detecting, within said instructions and within each current instruction, the existence of 
branchings, or respectively of branching-targets, for which said execution stack is not empty, 
said detecting operation being carried out on the basis of the annotation data of the type of stack 
variables allocated to each current instruction; and, in case of detection of a non — empty 
execution stack, 

inserting instructions to transfer stack variables on either side of said branchings or of 
said branching targets respectively, in order to empty the contents of the execution stack into 
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temporary registers before said branching and to reestablish the execution stack from said 
temporary registers after said branching; and 

not inserting any transfer instruction otherwise, said method allowing thus to obtain said 
standardized object code for said same program fragment, in which the operands of each 
instruction belong to the data types manipulated by said instruction, the execution stack does not 
exhibit any overflow phenomenon, the execution stack is empty at each branching instruction 
and at each branching-target instruction, in the absence of any modification to the execution of 
said program fragment . 

23. (Cancelled) 

24. (Currently Amended) A computer program product which is recorded on a 
medium and can be loaded directly from a terminal into the internal memory of a 
reprogrammable [on-board] embedded system)", such as a microprocessor card] equipped with a 
microprocessor and a rewritable memory, [this] said [on-board] embedded system making it 
possible to download and temporarily store a program fragment consisting of an object code[,] 
including a series of instructions, executable by [the] said microprocessor [of the on-board 
system ]by way of a virtual machine equipped with an execution stack and with operand registers 
manipulated via [these] said instructions and making it possible to interpret [this] said object code, 
[this] said computer program product including portions of object code to execute the 
[stagesl steps of verifying a program fragment downloaded onto [this] said [on-board] embedded 
system as claim e d in on e of claims 4 to 14, wh e n this on board system is int e rconn e ct e d to a 
t e rminal and this program is e x e cut e d by th e microproc e ssor of this on board syst e m by way of 
said virtual machin eaccording to a verifying process, said verifying process comprising: 
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initializing the type stack and the table of register types through data representing the state of 
said virtual machine at the starting of the execution of said temporarily stored object 
code; 

carrying out a verification process of said temporarily stored object code instruction by 
instruction, by discerning the existence, for each current instruction, of a target, a 
branching-instruction target, a target of an exception-handler call or a target of a 
subroutine call, and, said current instruction being the target of a branching instruction, 
said verification process consisting in verifying that the stack is empty and rejecting the 
program fragment otherwise; 

carrying out a verification process and an updating of the effect of said current instruction on the 
data types of said type stack and of said table of register types; 

said verification process being successful when the table of register types is not modified in the 
course of a verification of all the instructions, and said verification process being carried out 
instruction by instruction until the table of register types is stable, with no modification being 
present, said verification process being interrupted and said program fragment being rejected, 
otherwise . 

25. (Currently Amended) A computer program product which is recorded on a 
medium including portions of object code to execute fstagesl steps of [the method] a process of 
transforming an object code of a downloaded program fragment into a standardized object code 
for this same program fragmen t as claimed in one of claims 15 to 18 , said process of 
transforming comprising: 
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annotating each current instruction with the data type of the stack before and after execution of 
said current instruction, with the annotation data being calculated by means of an analysis 
of the data stream relating to said current instruction; 

detecting, within said instructions and within each current instruction, the existence of 
branchings, or respectively of branching — targets, for which said execution stack is not 
empty, said detecting operation being carried out on the basis of the annotation data of 
the type of stack variables allocated to each current instruction, and, in case of detection 
of a non-empty execution stack; 

inserting instructions to transfer stack variables on either side of said branchings or of said 
branching targets respectively, in order to empty the contents of the execution stack into 
temporary registers before said branching and to reestablish the execution stack from said 
temporary registers after said branching; and 

not inserting any transfer instruction otherwise, said method allowing thus to obtain said 
standardized object code for said same program fragment, in which the operands of each 
instruction belong to the data types manipulated by said instruction, the execution stack 
does not exhibit any overflow phenomenon, the execution stack is empty at each 
branching instruction and at each branching — target instruction, in the absence of any 
modification to the execution of said program fragment . 

26. (Currently Amended) A computer program product which is recorded on a 
medium [which] and can be used in a reprogrammable [on-board] embedded system, [such as a 
microprocessor card] equipped with a microprocessor and a rewritable memory, [this] said [on- 
boardl embedded system [making it possiblel allowing to download a program fragment 

* 
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consisting of an object code, a series of instructions, executable by the microprocessor of 
rthel said lon-boardl embedded system by f way] means of a virtual machine equipped with an 
execution stack and with local variables or registers manipulated via these instructions and 
making it possible to interpret [this] said object code, [thisjsaid computer program product 
including, at l e ast comprising : 

[- ]program resources which can be read by the microprocessor of [thisjsaid fon-board] embedded 
system via said virtual machine, to command execution of a procedure for managing the 
downloading of a downloaded program fragment; 

[- Jprogram resources which can be read by the microprocessor of [this] said [on-board] embedded 
system via said virtual machine, to command execution of a procedure for verifying, 
instruction by instruction, rthel said object code which makes up said program fragment; 

[- jprogram resources which can be read by the microprocessor of fthisl said lon-boardl embedded 
system via said virtual machine, to command execution of a downloaded program 
fragment rfollowingl subsequent to or in the absence of a conversion of [the] said object 
code of [thisj said program fragment into a standardized object code for this same 
program fragment. 

27. (Currently Amended) The computer program product as claimed in claim 26, 
additionally including program resources which can be read by the microprocessor of [this]said 
[on-boardl embedded system via said virtual machine, to command inhibition of execution, 
[on]by said lon-boardl embedded system, of said program fragment in the case of an unsuccessful 
verification procedure of this program fragment. 
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